Abstract

Bachet elliptic curves are the curves $y^2 = x^3 + a^3$, and in this work the group structure $E(\mathbb{F}_p)$ of these curves over finite fields $\mathbb{F}_p$ is considered. It is shown that there are two possible structures, $E(\mathbb{F}_p) \cong C_{p+1}$ or $E(\mathbb{F}_p) \cong C_n \times C_{nm}$ for $m, n \in \mathbb{N}$, according to $p \equiv 5 \pmod 6$ and $p \equiv 1 \pmod 6$, respectively. A result of Washington is restated in a more specific way, saying that if $E(\mathbb{F}_p) \cong \mathbb{Z}_n \times \mathbb{Z}_n$, then $p \equiv 7 \pmod{12}$ and $p = n^2 \mp n + 1$.

1 Introduction 

Let $p$ be a prime. We shall consider the elliptic curves

$$E : y^2 \equiv x^3 + a^3 \pmod p \qquad (1)$$

where $a$ is an element of $\mathbb{F}_p^* = \mathbb{F}_p - \{0\}$. Let us denote the group of the points on $E$ by $E(\mathbb{F}_p)$.

If $F$ is a field, then an elliptic curve over $F$ has, after a change of variables, a form

$$y^2 = x^3 + Ax + B$$

where $A, B \in F$ with $4A^3 + 27B^2 \neq 0$ in $F$. Here $D = -16(4A^3 + 27B^2)$ is called the discriminant of the curve. Elliptic curves are studied over finite and infinite fields. Here we take $F$ to be a finite prime field $\mathbb{F}_p$ with characteristic $p > 3$. Then $A, B \in \mathbb{F}_p$, and the set of points $(x, y) \in \mathbb{F}_p \times \mathbb{F}_p$, together with a point $o$ at infinity, is called the set of $\mathbb{F}_p$-rational points of $E$ on $\mathbb{F}_p$ and is denoted by $E(\mathbb{F}_p)$. $N_p$ denotes the number of rational points on this curve. It must be finite.

In fact one expects to have at most $2p + 1$ points (together with $o$), since for every $x$ there exist at most two values of $y$. But not all elements of $\mathbb{F}_p$ have square roots. In fact only half of the elements of $\mathbb{F}_p$ have a square root. Therefore the expected number is about $p + 1$.

It is known that

$$N_p = p + 1 + \sum_{x=0}^{p-1} \chi(x^3 + Ax + B).$$

Here we use the fact that the number of solutions of $y^2 \equiv u \pmod p$ is $1 + \chi(u)$. The following theorem of Hasse quantifies this result.

Theorem 1 (Hasse 1922) $N_p < (\sqrt{p} + 1)^2$.

Now we look at the algebraic structure of $E(\mathbb{F}_p)$.

Let $P(x_1, y_1)$ and $Q(x_2, y_2)$ be two points on $E : y^2 = x^3 + Ax + B$. Let also

$$m = \begin{cases} (y_2 - y_1)/(x_2 - x_1) & \text{if } P \neq Q \\ (3x_1^2 + A)/(2y_1) & \text{if } P = Q \end{cases}$$

where $y_1 \neq 0$, while when $y_1 = 0$, the point is of order 2. If

$$x_3 = m^2 - x_1 - x_2 \quad \text{and} \quad y_3 = m(x_1 - x_3) - y_1,$$

then

$$P + Q = \begin{cases} o & \text{if } x_1 = x_2 \text{ and } y_1 + y_2 = 0 \\ Q & \text{if } P = o \\ (x_3, y_3) & \text{otherwise.} \end{cases}$$

By definition $-P = (x, -y)$.



Because of the definition of addition in an arbitrary field, it takes very long to make any addition and the results are very complicated.

Here we shall deal with Bachet elliptic curves $y^2 = x^3 + a^3$ modulo $p$. Let $N_{p,a}$ denote the number of rational points on this curve. Some results on these curves have been given in [1] and [2].

A historical problem leading to Bachet elliptic curves is how one can write an integer as a difference of a square and a cube. In other words, for a given fixed integer $c$, one searches for the solutions of the Diophantine equation $y^2 - x^3 = c$. This equation is widely called the Bachet or Mordell equation. The existence of a duplication formula makes this curve interesting. This formula was found in 1621 by Bachet. When $(x, y)$ is a solution to this equation where $x, y \in \mathbb{Q}$, it is easy to show that

$$\left( \frac{x^4 - 8cx}{4y^2}, \; \frac{-x^6 - 20cx^3 + 8c^2}{8y^3} \right)$$

is also a solution of the same equation. Furthermore, if $(x, y)$ is a solution such that $xy \neq 0$ and $c \neq 1, -432$, then this leads to infinitely many solutions, which could not be proven by Bachet. Hence if an integer can be stated as the difference of a cube and a square, this could be done in infinitely many ways.

If $p \equiv 5 \pmod 6$, it is well known that $E(\mathbb{F}_p) \cong C_{p+1}$, the cyclic group of order $p + 1$ [4]. But when $p \equiv 1 \pmod 6$, there is no result giving the group structure of $E(\mathbb{F}_p)$. In this work, we discuss this situation. We show that this group is isomorphic to a direct product of two cyclic groups $C_n$ and $C_{nm}$, i.e.

$$E(\mathbb{F}_p) \cong C_n \times C_{nm}$$

for $m, n \in \mathbb{N}$. If we denote the order of $E(\mathbb{F}_p)$ by $N_{p,a}$, then

$$N_{p,a} = n^2 m = p + 1 - b$$

where $b > 0$ when $a \in Q_p$, and $b < 0$ otherwise. Here $b$ is the trace of the Frobenius endomorphism.

2 Bachet Elliptic curves having a group of the form $C_n \times C_{nm}$

Let $E$ be the curve in (1). Then its twist is defined as the curve $y^2 = x^3 + g^3 a^3$, where $g$ is a quadratic non-residue modulo $p$. As usual, $Q_p$ denotes the set of quadratic residues modulo $p$. Here note that if $a \in Q_p$, then $ga$ is a quadratic non-residue, and when $a$ is a quadratic non-residue, then $ga \in Q_p$. It is easy to show that $b$ of (1) and of its twist have different signs. Therefore

Theorem 2 Let $p \equiv 1 \pmod 6$ be a prime. If (1) has the group isomorphic to $C_n \times C_{nm}$ with order $n^2 m = p + 1 - b$, then its twist is isomorphic to $C_r \times C_{rs}$ with order $r^2 s = p + 1 + b$.

Let us define $t = |b|$. That is,

$$t = |p + 1 - N_{p,a}|.$$

We first have

Theorem 3 a) Let $p \equiv 1 \pmod{12}$ be a prime. Then

$$b \equiv 2 \pmod{12} \ \text{ iff } \ N_{p,a} \equiv 0 \pmod{12}$$

and

$$b \equiv 10 \pmod{12} \ \text{ iff } \ N_{p,a} \equiv 4 \pmod{12}.$$

b) Let $p \equiv 7 \pmod{12}$ be a prime. Then

$$b \equiv 4 \pmod{12} \ \text{ iff } \ N_{p,a} \equiv 4 \pmod{12}$$

and

$$b \equiv 8 \pmod{12} \ \text{ iff } \ N_{p,a} \equiv 0 \pmod{12}.$$

Proof. a) Let $p \equiv 1 \pmod{12}$ be a prime. Then we can write this as $p = 1 + 12n$, $n \in \mathbb{Z}$. Also $b \equiv 2 \pmod{12}$ can be stated as $b = 2 + 12m$, $m \in \mathbb{Z}$. By substituting these, we get

$$b \equiv 2 \pmod{12}, \qquad N_{p,a} = p + 1 - b$$

and hence $N_{p,a} = 1 + 12n + 1 - (2 + 12m) = 12(n - m)$, and this is only valid when $N_{p,a} \equiv 0 \pmod{12}$. Similarly,

$$b \equiv 10 \pmod{12}, \qquad N_{p,a} = p + 1 - b = 1 + 12n + 1 - (10 + 12m)$$

and therefore $N_{p,a} = -8 + 12(n - m)$, and this means that $N_{p,a} \equiv 4 \pmod{12}$. Part b) is proved in a similar fashion. ■

Theorem 4 Let $p \equiv 1 \pmod 6$ be a prime. Then $b$ is not divisible by 6.

Proof. Let us consider the curve $y^2 = x^3 + 1$. It has a point of order 6. Therefore its reduction modulo $p$ also has a point of order 6. Therefore

$$b = p + 1 - N_{p,a} \equiv 2 - 0 \equiv 2 \pmod 6.$$

The other possibility for the curve is $y^2 = x^3 + a^3$ where $a$ is a quadratic non-residue. It is the quadratic twist of the other curve, so it has $b \equiv -2 \pmod 6$. Therefore in both cases $b$ is non-zero mod 6. ■

Corollary 5 Let $p \equiv 1 \pmod 6$ be a prime. Then $N_{p,a} \equiv 0$ or $N_{p,a} \equiv 4 \pmod 6$.

Also one obtains the following result:

Corollary 6 If $p \equiv 1 \pmod{12}$ is a prime, then $b \equiv \pm 2 \pmod{12}$, and if $p \equiv 7 \pmod{12}$ is a prime, then $b \equiv \mp 4 \pmod{12}$.

We now have the following result about the number of points on curves (1).

Theorem 7 Let $p \equiv 1 \pmod 6$ be a prime. Then

a) If $t \equiv 2 \pmod 6$, then (1) has $b = t$ and $N_{p,a} \equiv 0 \pmod 6$, and its twist has $b = -t$ and $N_{p,a} \equiv 4 \pmod 6$.

b) If $t \equiv 4 \pmod 6$, then (1) has $b = t$ and $N_{p,a} \equiv 4 \pmod 6$, and its twist has $b = -t$ and $N_{p,a} \equiv 0 \pmod 6$.

Proof. Let $p \equiv 1 \pmod 6$ be a prime. Let us put $p = 1 + 6n$, $n \in \mathbb{Z}$. Let $t \equiv 2 \pmod 6$. If $b = t$, then $b \equiv 2 \pmod 6$, and now put $b = 2 + 6m$, $m \in \mathbb{Z}$. Therefore

$$N_{p,a} = p + 1 - b = 6n + 1 + 1 - 2 - 6m = 6(n - m),$$

implying $N_{p,a} \equiv 0 \pmod 6$.

The other parts can be proven similarly. ■

We then immediately have the following result concerning the elements of order 3:

Corollary 8 a) Let $p \equiv 1 \pmod{12}$ be a prime. If $t \equiv 2 \pmod{12}$, then (1) has $b = t$ and $N_{p,a} \equiv 0 \pmod{12}$ and $E(\mathbb{F}_p)$ has elements of order 3. Its twist has $b = -t$ and $N_{p,a} \equiv 4 \pmod{12}$, implying that there are no elements of order 3.

If $t \equiv 10 \pmod{12}$, then (1) has $b = t$ and $N_{p,a} \equiv 4 \pmod{12}$ and $E(\mathbb{F}_p)$ has no elements of order 3, while its twist has $b = -t$ and $N_{p,a} \equiv 0 \pmod{12}$, implying that the group has elements of order 3.

b) Let $p \equiv 7 \pmod{12}$ be a prime. If $t \equiv 4 \pmod{12}$, then (1) has $b = t$ and $N_{p,a} \equiv 4 \pmod{12}$ and therefore has no points of order 3, while its twist has $b = -t$ and $N_{p,a} \equiv 0 \pmod{12}$, having elements of order 3.

If $t \equiv 8 \pmod{12}$, then (1) has $b = t$ and $N_{p,a} \equiv 0 \pmod{12}$, implying it has elements of order 3, while its twist has $b = -t$ and $N_{p,a} \equiv 4 \pmod{12}$, having no such elements.

The elements of order 3 are important in the classification of these elliptic curves modulo $p$. We now show that their number is either 2 or 8:

Theorem 9 Let $p \equiv 1 \pmod 6$ be a prime. If $N_{p,a} \equiv 0 \pmod 6$, then there are 2 or 8 points of order 3.

Proof. By [5], there are at most 9 points together with the point at infinity $o$, forming a subgroup which is either trivial, cyclic of order 3 or the direct product of two cyclic groups of order 3. As we want to determine the number of elements of order 3, this group cannot be trivial. Then it is $C_3$ or $C_3 \times C_3$, and it is well known that it contains 2 or 8 elements of order 3, respectively. ■

In fact, if we let $E(\mathbb{F}_p) \cong C_n \times C_{nm}$, then when 3 divides $n$, $E(\mathbb{F}_p)$ has 8 points of order 3, and when not, it has 2 points of order 3.

We are now going to give one of the main results in Theorem 13. We first need the following results:

Corollary 10 Let $p$ be a prime. Then for only $x = 0$ among all values of $x$ in $\mathbb{F}_p$, $x^3 + 1$ takes the value 1.

Proof. It is clear that $x = 0$ satisfies the condition. The fact that no other value of $x$ satisfies $x^3 + 1 = 1$ is clear from the fact that $p$ is prime. ■

Theorem 11 Let $p \equiv 1 \pmod 6$ be a prime. There are 3 values of $x$ between 1 and $p$ so that $x^3 + 1 \equiv 0 \pmod p$.

Proof. It is obvious that $x^3 \equiv a \pmod p$ has three solutions in $\mathbb{F}_p$ for every $a \neq 0$. For $a = -1$, the proof follows. ■

Theorem 12 Let $p \equiv 1 \pmod 6$ be a prime. Then

$$\sum_{x \in \mathbb{F}_p} \chi(x^3 + 1) \equiv 4 \pmod 6.$$

Proof. For each $x \in \mathbb{F}_p$, calculate the $p$ values of $x^3 + 1$. By Corollary 10, one of these values is 1. By Theorem 11, three of them are 0. The remaining $p - 4$ values of $x^3 + 1$ are grouped into triples. As $p \equiv 1 \pmod 6$, $\frac{p-4}{3}$ is odd. Indeed, let us write $p = 1 + 6k$, $k \in \mathbb{Z}$. Then $\frac{p-4}{3} = 2k - 1$. Let us suppose that out of these triples, $s$ triples are in $Q_p$ and $2k - 1 - s$ consist of quadratic non-residues. If a triple is in $Q_p$, then it adds $+3$ to the sum $\sum_{x \in \mathbb{F}_p} \chi(x^3 + 1)$, and if it consists of non-residues, $-3$ is added. Therefore

$$\sum_{x \in \mathbb{F}_p} \chi(x^3 + 1) = 1 + 3 \cdot 0 + s \cdot (+3) + (2k - 1 - s) \cdot (-3) = 6(s - k) + 4,$$

implying the result. ■

Theorem 13 Let $p \equiv 1 \pmod 6$ be a prime. Then $a \in Q_p$ iff $N_{p,a} \equiv 0 \pmod 6$.

Proof. It is well known that

$$N_{p,a} = p + 1 + \sum_{x \in \mathbb{F}_p} \chi(x^3 + a^3).$$

By putting $p = 1 + 6n$ for $n \in \mathbb{Z}$, we get $N_{p,a} = 6n + 2 + \sum_{x \in \mathbb{F}_p} \chi(x^3 + a^3)$. Now as $\chi(a) = 1$, and as the set of the values of $x^3$ is the same as the set of the values of $a^3 x^3$, we can write

$$\sum_{x \in \mathbb{F}_p} \chi(x^3 + a^3) = \sum_{x \in \mathbb{F}_p} \chi(a^3 x^3 + a^3) = \sum_{x \in \mathbb{F}_p} \chi(a^3)\, \chi(x^3 + 1) = \sum_{x \in \mathbb{F}_p} \chi(x^3 + 1),$$

and by Theorem 12, this sum is congruent to 4 modulo 6. Hence, by putting $\sum_{x \in \mathbb{F}_p} \chi(x^3 + a^3) = 4 + 6r$, $r \in \mathbb{Z}$, we get $N_{p,a} = 6n + 2 + 4 + 6r$, implying

$$N_{p,a} \equiv 0 \pmod 6.$$ ■
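The character-sum formula for the number of points and the congruences of Theorems 12 and 13 (with the non-residue counterpart stated as Theorem 15 below) can be checked numerically. The following Python is an added example, not code from the paper; the function names and the sample primes are choices made for this illustration.

```python
def chi(u, p):
    """Quadratic character of u modulo an odd prime p: 0, +1 or -1."""
    u %= p
    if u == 0:
        return 0
    return 1 if pow(u, (p - 1) // 2, p) == 1 else -1


def char_sum(a, p):
    """Sum of chi(x^3 + a^3) over all x in F_p."""
    return sum(chi(x**3 + a**3, p) for x in range(p))


def count_points(a, p):
    """N_{p,a} = p + 1 + sum_x chi(x^3 + a^3), point at infinity included."""
    return p + 1 + char_sum(a, p)


def count_points_direct(a, p):
    """Cross-check: count the pairs (x, y) on the curve, then add the point o."""
    roots = {}                                   # value v -> number of y with y^2 = v
    for y in range(p):
        roots[y * y % p] = roots.get(y * y % p, 0) + 1
    return 1 + sum(roots.get((x**3 + a**3) % p, 0) for x in range(p))


def check_prime(p):
    """True if every a in F_p^* matches the statements quoted from the page."""
    for a in range(1, p):
        n = count_points(a, p)
        if n != count_points_direct(a, p):
            return False
        if p % 6 == 5 and n != p + 1:            # order p + 1 when p = 5 mod 6
            return False
        if p % 6 == 1:
            if char_sum(1, p) % 6 != 4:          # Theorem 12
                return False
            if n % 6 != (0 if chi(a, p) == 1 else 4):   # Theorems 13 and 15
                return False
    return True


if __name__ == "__main__":
    for p in (5, 7, 11, 13, 17, 19, 31, 37):     # sample primes (constructed input)
        print(p, p % 6, check_prime(p), sorted({count_points(a, p) for a in range(1, p)}))
```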

Corollary 14 Let $p \equiv 1 \pmod 6$ be a prime. If $N_{p,a} \equiv 0 \pmod 6$, then $b \equiv 2 \pmod 6$.

Proof. As $N_{p,a} = p + 1 - b = p + 1 + \sum_{x \in \mathbb{F}_p} \chi(x^3 + a^3)$, we know that $b = -\sum_{x \in \mathbb{F}_p} \chi(x^3 + a^3)$. By Theorem 12, the result follows. ■

Similarly we have

Theorem 15 Let $p \equiv 1 \pmod 6$ be a prime. Then $a$ is a quadratic non-residue modulo $p$ iff $N_{p,a} \equiv 4 \pmod 6$.

Corollary 16 Let $p \equiv 1 \pmod 6$ be a prime. Let $E$ be the curve given by (1). Then

a) $a \in Q_p$ iff $E(\mathbb{F}_p)$ has 2 or 8 elements of order 3.

b) $a$ is a quadratic non-residue modulo $p$ iff $E(\mathbb{F}_p)$ has no elements of order 3.

Proof. It is clear from Corollary 8 and Theorem 13. ■
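As an added illustration (not part of the paper), the addition law from the Introduction can be implemented directly and used to count the points of order 3 that Corollary 16 describes. The function names are hypothetical, `None` stands for the point $o$, and `pow(x, -1, p)` (Python 3.8 or later) supplies the modular inverse.

```python
def add(P, Q, A, p):
    """P + Q on y^2 = x^3 + A*x + B over F_p; None stands for the point o."""
    if P is None:
        return Q
    if Q is None:
        return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % p == 0:      # Q = -P (covers doubling when y1 = 0)
        return None
    if P == Q:
        m = (3 * x1 * x1 + A) * pow(2 * y1 % p, -1, p) % p   # tangent slope
    else:
        m = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p        # chord slope
    x3 = (m * m - x1 - x2) % p
    return (x3, (m * (x1 - x3) - y1) % p)


def affine_points(a, p):
    """All affine points of the Bachet curve y^2 = x^3 + a^3 over F_p."""
    B = pow(a, 3, p)
    return [(x, y) for x in range(p) for y in range(p)
            if (y * y - x * x * x - B) % p == 0]


def order3_count(a, p):
    """Number of points P != o with 3P = o, i.e. of order exactly 3."""
    return sum(1 for P in affine_points(a, p)
               if add(add(P, P, 0, p), P, 0, p) is None)


def is_residue(a, p):
    """True if a is a nonzero quadratic residue modulo the odd prime p."""
    return pow(a, (p - 1) // 2, p) == 1


def corollary16_holds(p):
    """Check both parts of Corollary 16 for every a in F_p^* (p = 1 mod 6)."""
    for a in range(1, p):
        k = order3_count(a, p)
        if is_residue(a, p) and k not in (2, 8):
            return False
        if not is_residue(a, p) and k != 0:
            return False
    return True


if __name__ == "__main__":
    for p in (7, 13, 19, 31):   # sample primes, all = 1 mod 6 (constructed input)
        print(p, corollary16_holds(p), [order3_count(a, p) for a in (1, 2, 3)])
```

Both counts occur among these sample primes: $y^2 = x^3 + 1$ has 2 points of order 3 over $\mathbb{F}_7$ and 8 over $\mathbb{F}_{31}$.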

3 Bachet Elliptic Curves having a group of the form $C_n \times C_n$

Now we shall consider the case where the Bachet elliptic curves have a group isomorphic to $C_n \times C_n$ for some $n$. This is only possible when $p \equiv 1 \pmod 6$, as otherwise, when $p \equiv 5 \pmod 6$, $E(\mathbb{F}_p)$ is isomorphic to the cyclic group $C_{p+1}$. We shall consider a result of Washington and refine it:

Theorem 17 [3] Let $E$ be an elliptic curve over $\mathbb{F}_q$, where $q$ is a prime power, and suppose $E(\mathbb{F}_q) \cong \mathbb{Z}_n \times \mathbb{Z}_n$ for some integer $n$. Then either $q = n^2 + 1$, $q = n^2 \mp n + 1$ or $q = (n \mp 1)^2$.

Now we give a more specific result for Bachet elliptic curves given by (1) over $\mathbb{F}_q$:

Theorem 18 Let $E$ be the elliptic curve in (1). Suppose

$$E(\mathbb{F}_p) \cong \mathbb{Z}_n \times \mathbb{Z}_n.$$

Then $p \equiv 7 \pmod{12}$ and $p = n^2 \mp n + 1$.

Proof. By Theorem 17, there are three possibilities: $p = n^2 + 1$, $p = n^2 \mp n + 1$ or $p = n^2 \mp 2n + 1$. The last one is immediately ruled out, as $p$ cannot be a square. We need only show that $p$ cannot be equal to $n^2 + 1$.

If $p = n^2 + 1$, then $n^2 = p - 1$ and hence $p - 1$ is in $Q_p$. But it is known that $p - 1$ could be in $Q_p$ only when $p \equiv 1, 5 \pmod{12}$ is prime. Therefore the result follows. ■